b'                  U.S. Department of Energy\n                  Office of Inspector General\n                  Office of Audits and Inspections\n\n\n\n\nAUDIT REPORT\nFollow-up on the Department of Energy\'s\nAcquisition and Maintenance of Software\nLicenses\n\n\n\n\n DOE/IG-0920                         September 2014\n\x0c                                  Department of Energy\n                                    Washington, DC 20585\n\n                                       September 30, 2014\n\n\nMEMORANDUM FOR THE SECRETARY\n\n\nFROM:                    Gregory H. Friedman\n                         Inspector General\n\nSUBJECT:                 INFORMATION: Audit Report on "Follow-up on the Department of\n                         Energy\'s Acquisition and Maintenance of Software Licenses"\n\nBACKGROUND\n\nThe Department of Energy spends at least $1.4 billion per year on information technology to\nsupport its mission of ensuring the Nation\'s security and prosperity by addressing energy,\nenvironmental and nuclear challenges through science and technology solutions. To accomplish\nthis mission, the Department\'s Federal employees and facility contractors rely on commercial-\noff-the-shelf software for a multitude of services, including office automation, document\nmanagement, virtualization and engineering analysis. Given the size of the Department\'s\ninvestment, management of information technology, including software licenses, plays an\nimportant role in achieving the Department\'s mission.\n\nIn January 2006, an Office of Inspector General report on the Management of the Department\'s\nDesktop Computer Software Enterprise License Agreements (DOE/IG-0718) found that the\nDepartment had not adequately managed the acquisition and maintenance of software licenses.\nThe report noted that the Department spent about $4.1 million more than necessary over a 5-year\nperiod to acquire and maintain desktop software. In some cases, agreements and contracts\nentered into by Department organizations were as much as 300 percent more than those available\nthrough the Department\'s enterprise agreements. The review also identified that the Department\nlacked enterprise-wide agreements for common products such as security and antivirus software.\nExecutive Order 13589, Promoting Efficient Spending, requires agencies to assess current usage\nto ensure that they are not paying for unused or underutilized software. In addition, the Office of\nManagement and Budget recently issued guidance to promote sound strategic sourcing practices\nacross the Federal government. We initiated this follow-up audit to determine whether the\nDepartment effectively managed the acquisition and maintenance of its software licenses.\n\nRESULTS OF AUDIT\n\nAlthough the Department had made progress in addressing our prior recommendations, we found\nthat it had not adequately managed the acquisition and maintenance of computer software\nlicenses. We determined that programs and sites routinely paid more than necessary when\nacquiring software licenses and generally had not maintained an inventory of software to assist\nwith management of licenses. In particular:\n\x0c   \xe2\x80\xa2   Our review of software purchase data revealed that for the limited range of software\n       products we were able to evaluate, programs and sites spent approximately $600,000\n       more than necessary during a 3-year period. For example, we identified at least 52\n       instances where pricing for common products such as office automation, document\n       management and engineering software varied widely. We also identified 11 instances at\n       Sandia National Laboratories where employees used a purchase card to acquire software\n       licenses at higher prices than those established for the identical product in the\n       organization\'s software management system.\n\n   \xe2\x80\xa2   The price per license paid by the Department was often greater than established\n       government-wide acquisition contract prices available to all Federal agencies. For\n       example, the Department paid $250 more for document management software than the\n       price available using a National Aeronautics and Space Administration contract vehicle.\n       We also identified many instances where the Department\'s cost per software license was\n       more than the price offered by the General Services Administration. In one instance, the\n       Department paid $463 more than necessary for a version of document management\n       software.\n\n   \xe2\x80\xa2   While some sites had partially implemented software management systems since our\n       prior report, none of the Federal and contractor sites visited were able to provide a\n       complete inventory of software licenses. Specifically, although management noted in\n       response to our prior report that it would develop policy and guidance related to\n       maintaining an inventory of software licenses, the Office of the Chief Information Officer\n       was unable to provide a comprehensive inventory for all software licenses. Likewise,\n       Sandia National Laboratories could not account for all software licenses acquired using\n       purchase cards. As noted by Federal guidance and industry best practices,\n       implementation of a software asset management system can help organizations inventory\n       and assess the state of installed software across systems. Our findings are consistent with\n       a recent Government Accountability Office report on Federal Software Licenses \xe2\x80\x93 Better\n       Management Needed to Achieve Significant Savings Government-Wide (GAO-14-413,\n       May 2014), which identified that the Department had not adequately tracked software\n       licenses.\n\nThe issues identified occurred, in part, because the Department had not developed and\nimplemented a fully effective strategy for acquiring and managing software licenses.\nSpecifically, contrary to a 2011 Office of Management and Budget memorandum directing\nagencies to pool purchasing power to drive down costs and improve service, the Department\ncontinued to utilize a fragmented approach without a formal process for ensuring that software\npurchases were coordinated between Headquarters and/or field sites. Our review found that the\nNational Nuclear Security Administration, several of the Department\'s National Laboratories and\nthe Office of the Chief Information Officer were each independently working towards or had\nnegotiated their own enterprise-wide agreements. In addition, four sites reviewed had not\neffectively implemented systems to account for all software licenses. For example, Argonne\nNational Laboratory had not fully deployed its asset management tool on every computer on the\nnetwork and had not implemented capabilities to integrate it with the site\'s procurement system,\nwhich could have allowed it to update software license information at the time of purchase. The\n\n                                                2\n\x0cOffice of the Chief Information Officer indicated that the decentralized structure of the\nDepartment contributed to the weaknesses identified. While we agree, we believe that more\neffective coordination among programs and sites is a critical step in the process to help overcome\nthis obstacle.\n\nThe Department had taken a number of actions to improve the management and acquisition of\nsoftware licenses since our prior report was issued. In particular, officials recently updated the\nDOE Acquisition Guide to emphasize the importance of strategic sourcing to reduce costs.\nFurthermore, Office of the Chief Information Officer officials told us that the Enterprise-Wide\nAgreement Integrated Project Team established numerous enterprise agreements for commonly\nused software that resulted in significant savings. Four sites reviewed also either had\nimplemented or were in the process of implementing site-specific systems with the capability to\nmanage and/or procure software licenses from a central location. In addition, Lawrence\nBerkeley National Laboratory was analyzing use of office automation software to determine\nwhether it could reduce costs while still meeting user needs.\n\nWhile these were positive actions, more work remains to ensure effective software asset\nmanagement. As such, we have made recommendations to help the Department effectively\nmanage the acquisition and maintenance of software licenses and realize potential savings of up\nto approximately $600,000 over the next 3 years at just the locations reviewed. We believe that\nactual unnecessary expenditures and related potential savings may be significantly higher than\nour calculations demonstrate due to the lack of information available at sites regarding software\npurchases. In addition, because our review was limited to 10 sites, the results only represent a\nportion of the Department\'s software purchases to support its approximately 115,000 Federal and\ncontractor employees across the complex.\n\nMANAGEMENT REACTION\n\nManagement concurred with the report\'s recommendations and indicated that corrective actions\nhad been taken or were planned to address the issues identified. While management\'s comments\nindicated that many corrective actions had been completed to address our recommendations, the\nfindings in our report indicated that additional work is necessary. Management\'s comments and\nour responses are summarized in the body of the report. Management\'s formal comments are\nincluded in their entirety in Appendix 3.\n\nAttachment\n\ncc: Deputy Secretary\n    Under Secretary for Nuclear Security\n    Deputy Under Secretary for Management and Performance\n    Deputy Under Secretary for Science and Energy\n    Chief of Staff\n\n\n\n\n                                                 3\n\x0cAUDIT REPORT ON FOLLOW-UP ON THE DEPARTMENT OF\nENERGY\'S ACQUISITION AND MAINTENANCE OF\nSOFTWARE LICENSES\n\n\nTABLE OF CONTENTS\n\nAudit Report\n\nDetails of Finding ............................................................................................................................1\n\nRecommendations ............................................................................................................................6\n\nManagement Response and Auditor Comments ..............................................................................7\n\nAppendices\n\n     1. Objective, Scope and Methodology .....................................................................................9\n\n     2. Related Reports ..................................................................................................................11\n\n     3. Management Comments ....................................................................................................13\n\x0cFOLLOW-UP ON THE DEPARTMENT OF ENERGY\'S\nACQUISITION AND MAINTENANCE OF SOFTWARE\nLICENSES\n\nDETAILS OF FINDING\nThe Department of Energy\'s (Department) Federal and contractor locations had not adequately\nmanaged the acquisition and maintenance of computer software licenses. Specifically, the\nDepartment paid more than necessary to acquire software licenses and did not always take\nadvantage of existing enterprise software agreements. In addition, Department programs and\nsites had not adequately maintained an inventory of all software, a key control necessary to help\nmanage software expenses. In addition to obvious financial benefits associated with enhanced\nmanagement of software licenses, an inventory of software licenses would allow the Department\nto better protect its information technology resources from cybersecurity compromises by\nhelping to identify those software applications that may require regular security updates. Our\nsoftware inventory findings are consistent with a recent Government Accountability Office\nreport on Federal Software Licenses \xe2\x80\x93 Better Management Needed to Achieve Significant\nSavings Government-Wide (GAO-14-413, May 2014), which noted that the Department had not\nadequately tracked software licenses.\n\nSoftware License Acquisition\n\nWe determined that the Department spent approximately $600,000 more than necessary during a\n3-year period to acquire software licenses at the locations we reviewed. For common products\nsuch as office automation, document management and engineering software, we identified at\nleast 52 instances where pricing for available products varied by more than $50 per license. At\nHeadquarters, one program office paid $1,106 for document management software even though\nanother program office paid only $595 for the same product, a difference of $511 (46 percent).\nSimilarly, Los Alamos National Laboratory paid $93 (15 percent) more than Lawrence Berkeley\nNational Laboratory for the same document management software. Our review also identified a\nprice difference of approximately $2,700 per license for popular engineering software at two\nsites.\n\nWe identified numerous instances at Sandia National Laboratories where users had utilized a\npurchase card to acquire software licenses at higher prices than those established within the\norganization\'s software management system. For example, we identified at least 10 instances of\npurchase card users paying more than necessary to acquire office automation software \xe2\x80\x93\nsometimes paying up to $164 more per license than the price available through the software\nmanagement system. In another instance, the price paid for engineering software using a\npurchase card exceeded the price available in the software management system.\n\nIn addition to varying prices paid when compared across and within Department locations, we\nidentified numerous instances where the price paid per software license to the Department were\ngreater than the established government-wide acquisition contract prices available to all Federal\nagencies. For example, the Department paid $250 (29 percent) more per license for one product\nthan the cost available through a government-wide acquisition contract established by the\nNational Aeronautics and Space Administration and available for use by all Federal agencies.\n\n\n\nDetails of Finding                                                                        Page 1\n\x0cWe also identified many instances where the Department paid more than the price available\nthrough the General Services Administration, including one example where it paid $463 more\nthan necessary for a single version of document management software.\n\nWhile we attempted to identify all excessive costs, our analysis was limited due to a lack of\ninformation regarding software purchases at each of the locations reviewed. 1 For example, at\none location, we found that 10 percent of the sampled software purchases contained errors\nrelated to the prices identified in the site\'s purchase records. Therefore, we excluded those items\nfrom our estimated cost savings. The table below details potential excessive expenditures over a\n3-year period for certain software products based on data we were able to obtain.\n\n                                                                  FISCAL YEAR\n               PRODUCT                               2010            2011                         2012\n     Document Management Software                     $99,634          $98,510                     $116,799\n         Office Automation Software                   $53,023         $139,348                      $60,864\n              Virtualization Software                   $3,882          $3,859                       $6,945\n                Engineering Software                     $920           $1,812                         $650\n            Screen Capture Software                     $8,130          $2,520                       $2,823\n                              Subtotal               $165,589         $246,049                     $188,081\n                                                  TOTAL EXCESSIVE EXPEDITURES                      $599,719\n\nSoftware License Inventory\n\nThe Department had not maintained an inventory of software licenses to ensure the software\nmanagement process was cost-effective and securely managed. While some sites had\nimplemented software management systems, none of the Federal and contractor locations visited\nwere able to provide a complete inventory of software licenses. For instance, we found:\n\n     \xe2\x80\xa2   Although the Department implemented a common operating environment for the\n         majority of program and staff offices at Headquarters, the Office of the Chief\n         Information Officer (OCIO) was unable to provide a comprehensive inventory of all\n         software licenses. In fact, the Department\'s response to a recent Government\n         Accountability Office report indicated that the OCIO collected software information on\n         less than one-half of Federal users.\n\n     \xe2\x80\xa2   Even though Sandia National Laboratories implemented the Software Asset\n         Management System to track software and facilitate the procurement of licenses,\n         officials were unable to provide a complete inventory of software. Specifically, during\n         our review, a Laboratory official informed us that not all software acquired using a\n         purchase card was registered in the Software Asset Management System. Failure of the\n         site to account for all software purchases could prevent officials from ensuring\n         compliance with software agreements and identifying redundant purchases or other cost-\n         savings opportunities.\n1\n The data provided by the sites in some cases lacked the necessary product description information and thus did not\nallow for a comprehensive analysis of all software products.\n\n\nDetails of Finding                                                                                        Page 2\n\x0cAs noted by the National Institute of Standards and Technology, implementation of a software\nasset management system can help an organization inventory its software and provide accurate,\ntimely information to assess the current state of installed software across its information\ntechnology systems. Furthermore, accurate inventory records can assist a program and site in\ndetermining whether it is fully utilizing procured licenses and/or whether it is compliant with\nvendor license agreements.\n\nSoftware Acquisition and Inventory Methods\n\nThe issues identified occurred, in part, because the Department had not developed and\nimplemented a fully effective strategy for acquiring and maintaining an inventory of software\nlicenses. Specifically, contrary to Federal guidance, the Department continued to utilize a\nfragmented approach to software acquisition and had not ensured that purchases were pooled\namong all Department organizations, when appropriate. In addition, sites reviewed had not\nimplemented effective processes to account for all software licenses.\n\n                          Coordination of Software Acquisitions\n\nThe Department paid more than necessary to procure software licenses because program and site\nofficials had not ensured that purchases were appropriately coordinated to obtain the lowest\navailable price. In addition, officials had not utilized existing government-wide acquisition\ncontracts available for use by all agencies, when appropriate.\n\nWe found that attempts to improve collaborative efforts resulted in the establishment of multiple,\nindependent working groups that were often not adequately coordinated. As noted in a 2011\nOffice of Management and Budget memorandum, agency Chief Information Officers were\ndirected to pool agency purchasing power to drive down costs and improve service for\ncommodity information technology. A primary goal of the Department\'s Information\nTechnology Modernization Strategy is to provide Department governance, policy and oversight\nprocesses to ensure secure, efficient and cost-effective use of information technology resources.\nHowever, we noted that the National Nuclear Security Administration (NNSA) Supply Chain\nManagement Center, the Department\'s Integrated Contractor Purchasing Team and the OCIO\'s\nEnterprise-Wide Agreements Integrated Project Team were each independently working towards\nor had negotiated their own enterprise-wide agreements rather than using aggregated bulk\npurchase agreements to minimize costs.\n\nIn addition, our analysis found that the Integrated Project Team was not always collaborative\nbecause various programs and sites were not actively participating. While an OCIO official\nnoted that the Integrated Project Team was supposed to hold quarterly meetings, we found no\nmeetings had been conducted since October 2012. Furthermore, various officials we spoke with\nat Los Alamos National Laboratory \xe2\x80\x93 one of the largest management and operating contractors\nwithin the Department \xe2\x80\x93 were unaware of the Integrated Project Team until we informed them of\nthe working group\'s existence and had not participated in the team\'s activities. One of the\nobjectives to achieve the Information Technology Modernization Strategy is to reduce the\nnumber of product and service procurement vehicles, allowing the Department to leverage its\ncollective buying power to simplify and reduce the cost and complexity of acquisitions. During\n\n\n\nDetails of Finding                                                                        Page 3\n\x0cour review, however, several site individuals indicated that while having a central source of\ninformation would benefit them in the procurement of software products, such a mechanism did\nnot exist. With better coordination, the Department could work to establish a central source of\ninformation to identify the best available contracts or agreements and potentially reduce\nacquisition costs and allow Federal and contractor employees to better utilize limited resources.\n\n                               Software Inventory Processes\n\nInventory management weaknesses occurred because the sites reviewed had not effectively\nimplemented processes to track all software licenses. Although management noted in response\nto our prior report that it would develop and implement policy and guidance to support a\nsoftware license inventory process, we found that Department Order 200.1A, Information\nTechnology Management, did not contain a well-defined process that outlined how the\nDepartment should conduct its software license inventory process. As such, sites continued to\nencounter problems with software inventories. For instance, Sandia National Laboratories did\nnot require licenses procured by alternative methods such as purchase cards to be registered in\nthe Software Asset Management System. Rather, it was the user\'s responsibility to manually add\nsoftware purchases to the system. However, based on discussions with a site official and review\nof procurement data, we found that two types of engineering software products costing $7\nmillion over a 3-year period may not have been included in the Software Asset Management\nSystem by the users. Furthermore, Lawrence Berkeley National Laboratory managed its\nsoftware licenses in a decentralized manner at the project, program or division level which\nlimited the site\'s ability to adequately track software licenses.\n\nOur findings related to software inventory management are consistent with the Government\nAccountability Office\'s recent report, which identified that Department-wide software inventory\nmanagement policies were not developed that encompassed best practices to include centralized\nsoftware license management, tracking and maintaining of a comprehensive inventory using\nautomated tools, and use of software license data analysis to make cost-effective decisions. We\nbelieve that had the Department fully understood what types and quantities of software it\nacquired, officials would have been in a better position to negotiate lower prices with software\nvendors.\n\nOpportunities for Improvement\n\nWithout improvements in the procurement of software licenses, the Department could potentially\npay up to approximately $600,000 more than necessary over the next 3 years at just the locations\nreviewed. Enhancements to the software acquisition process, including centralizing purchases\nand the use of enterprise agreements when appropriate, could allow the Department to maximize\nand leverage its purchasing power as a large Federal entity. We believe that our estimated\nsavings are conservative because our review only focused on a sample of the Department\'s\nprograms and sites and included only certain types of software licenses used to support the\nDepartment\'s approximately 115,000 Federal and contractor employees.\n\nIn addition, absent a complete and accurate software inventory, the Department may be unable to\nadequately budget for future software costs and will continue to run a higher than necessary risk\n\n\n\nDetails of Finding                                                                        Page 4\n\x0cof overbuying software licenses. A complete and accurate inventory would also allow the\nDepartment to better realize economies of scale by streamlining negotiations for new software\nagreements. For instance, without a complete inventory of software, the Department may be\nunable to perform the necessary analysis to determine whether certain software products are\neligible for an enterprise agreement. Furthermore, proper knowledge or control of the software\ndeployed at an organization can help cybersecurity officials identify vulnerable software and\ndefend against ongoing threats of compromise.\n\n\n\n\nDetails of Finding                                                                      Page 5\n\x0cRECOMMENDATIONS\nTo address the issues identified in this report, we recommend that the Under Secretary for\nNuclear Security, the Deputy Under Secretary for Science and Energy and the Deputy Under\nSecretary for Management and Performance, in coordination with the Department and National\nNuclear Security Administration Chief Information Officers and the Director, Office of\nManagement:\n\n   1. Develop and implement a process to ensure that software purchases are coordinated\n      among Federal and contractor entities to the extent practical, including periodic reviews\n      of software purchases across the Department to facilitate the negotiation and use of\n      enterprise agreements.\n\n   2. Ensure that all software licenses are appropriately tracked using asset management\n      systems, including registering and/or monitoring license acquisition and usage.\n\n\n\n\nRecommendations                                                                          Page 6\n\x0cMANAGEMENT RESPONSE\nManagement concurred with the report\'s recommendations and indicated that corrective actions\nhad been taken or were planned to address the issues identified. Management agreed that\nenhancements to the software acquisition process could allow the Department to maximize and\nleverage its purchasing power as a large Federal entity. Management commented that the\nEnterprise-wide Strategic Sourcing Program was established to create a comprehensive approach\nto acquisitions that are strategically driven to ensure maximum value for every dollar spent.\nAlthough the program did not coordinate procurement activities across the Department,\nmanagement noted that it facilitated a strategic approach through guidance and direction.\nManagement indicated that the process to build an effective and efficient information technology\nprogram was complicated by the organizational structure of the Department. For instance,\nmanagement asserted that the use of management and operating contracts impacted coordination\nefforts and that it cannot dictate the software and hardware used by management and operating\ncontractors. The Office of Management indicated that the fragmented approach identified in our\nreport also occurred with other acquisition activities and noted that it was working towards the\ndevelopment of a policy that would emphasize the use of existing strategic procurement vehicles\nas part of the procurement planning process.\n\nIn response to recommendation one, the OCIO commented that it would continue to encourage\nconsolidation of software package acquisition and the use of volume purchasing arrangements\nthrough enterprise-wide agreements and the application of best practices in software\nimplementation. The Office of Science commented that it collaborated with other Department\nentities on certain software agreements and would collaborate further if deemed practical and\nbeneficial. NNSA management indicated that it will follow the Department\'s lead and encourage\nconsolidation and use of volume purchasing arrangements. NNSA also commented that it would\ncontinue to utilize the Kansas City Plant\'s Supply Chain Management Center as part of its efforts\nto mature enterprise-wide processes.\n\nIn response to our second recommendation, the OCIO acknowledged that the Department did not\nhave a complete inventory of software licenses, but indicated that it maintained an inventory that\nincluded close to 45 percent of Federal users and direct support contractors. In addition, the\nOffice of Science commented that it already tracked all software licenses and considered the\nrecommendation closed. NNSA management indicated that all management and operating\ncontractors must manage software based on contracted licenses and noted that it was working to\nimprove situational awareness of local software inventories.\n\nAUDITOR COMMENTS\nManagement\'s comments are generally responsive to our report and recommendations. For\ninstance, the Office of Management\'s commitment to develop a policy that emphasizes the use of\nstrategic procurements should, if implemented across the Department, help to remediate some of\nthe issues identified in our report. However, while management considered corrective actions\ncompleted related to our recommendations, we believe that additional work is necessary. As\nnoted in our report, coordination of software purchases both across and within locations can be\nimproved. For example, our report highlighted numerous examples of programs and sites that\n\n\nManagement Response and Auditor Comments                                                  Page 7\n\x0cpaid varying prices for the same software. In addition, we identified differing prices paid for the\nsame software at the same site. Furthermore, additional work is necessary to ensure that all\nsoftware licenses are appropriately tracked using asset management systems. While the Office\nof Science commented that it was already tracking software licenses and considered our\nrecommendation closed, we found that several Office of Science locations encountered\nweaknesses related to software management. Notably, NNSA\'s commitment to improve\nawareness of software inventories at each of its locations is encouraging.\n\n\n\n\nManagement Response and Auditor Comments                                                   Page 8\n\x0c                                                                           APPENDIX 1\n\n                  OBJECTIVE, SCOPE AND METHODOLOGY\nObjective\n\nTo determine whether the Department of Energy (Department) effectively managed the\nacquisition and maintenance of its software licenses.\n\nScope\n\nThe audit was performed between December 2012 and September 2014, at Department\nHeadquarters in Washington, DC, and Germantown, Maryland; Los Alamos National\nLaboratory, Los Alamos, New Mexico; Sandia National Laboratories, Albuquerque, New\nMexico; Argonne National Laboratory and Chicago Office, Argonne, Illinois; Brookhaven\nNational Laboratory, Upton, New York; and Lawrence Berkeley National Laboratory, Berkeley,\nCalifornia. We also obtained information from Pacific Northwest National Laboratory,\nRichland, Washington; Oak Ridge National Laboratory, Oak Ridge, Tennessee; and Savannah\nRiver Site, Aiken, South Carolina. The audit was conducted under Office of Inspector General\nProject Number A13TG005.\n\nMethodology\n\nTo accomplish our audit objective, we judgmentally selected a sample of 10 Department sites.\nThis selection was based primarily on information technology expenditures and follow-up on\nprior report findings. Because a judgmental sample of Department sites was used, the results\nwere limited to the sites or locations selected. Additionally, we:\n\n   \xe2\x80\xa2   Reviewed applicable laws and regulations pertaining to acquisition and maintenance of\n       software licenses;\n\n   \xe2\x80\xa2   Reviewed applicable standards and guidance issued by the Office of Management and\n       Budget;\n\n   \xe2\x80\xa2   Reviewed prior reports issued by the Office of Inspector General and the Government\n       Accountability Office;\n\n   \xe2\x80\xa2   Held discussions with program officials and personnel from Department Headquarters\n       and field sites reviewed, including representatives from the Offices of the Chief\n       Information Officer, Environmental Management, Science, Fossil Energy, as well as the\n       National Nuclear Security Administration;\n\n   \xe2\x80\xa2   Reviewed numerous documents related to the Department\'s management and acquisition\n       of software licenses; and\n\n   \xe2\x80\xa2   Used data analysis software to evaluate and compare software license purchases by\n       programs and field sites.\n\n\n\nObjective, Scope and Methodology                                                       Page 9\n\x0c                                                                              APPENDIX 1\nWe calculated software acquisition savings by comparing the historical spending patterns of\ninformation technology software purchase data for a 3-year period (Fiscal Years 2010 to 2012) at\nthe sites reviewed. We compared the prices paid by the sites for certain common software\nproducts to the lowest prices available through other existing agreements to determine potential\nsavings. Our analysis only accounted for software purchases for which detailed information such\nas product and version could be determined. In addition, the analysis excluded all software\nmaintenance and/or upgrade purchases.\n\nWe conducted this performance audit in accordance with generally accepted Government\nauditing standards. Those standards require that we plan and perform the audit to obtain\nsufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions\nbased on our audit objectives. We believe that the evidence obtained provides a reasonable basis\nfor our findings and conclusions based on our audit objectives. Accordingly, we assessed\nsignificant internal controls and the Department\'s implementation of the GPRA Modernization\nAct of 2010. Because our review was limited, it would not have necessarily disclosed all internal\ncontrol deficiencies that may have existed at the time of our evaluation. We relied on computer-\nprocessed data to satisfy our objectives and tested the completeness and accuracy of such data by\ncomparing a judgmental sample of the information provided by programs and field sites to\nvendor invoices. Because a judgmental sample of purchase data was selected, results and overall\nconclusions are limited to the items tested and cannot be projected to the entire population. We\ndetermined that the data provided was reasonably reliable for the purposes of our audit objective.\nIn one instance, we found that 5 of 50 (10 percent) vendor invoices for a site contained incorrect\ndata. Therefore, we subtracted 10 percent from the estimated savings for that site to compensate\nfor the incorrect data.\n\nManagement waived an exit conference.\n\n\n\n\nObjective, Scope and Methodology                                                        Page 10\n\x0c                                                                            APPENDIX 2\n\n                                 RELATED REPORTS\nOffice of Inspector General\n\n   \xe2\x80\xa2   Special Report on Management Challenges at the Department of Energy \xe2\x80\x93 Fiscal Year\n       2014 (DOE/IG-0899, November 2013). The Department of Energy (Department)\n       receives an annual appropriation approaching $25 billion, employs more than 115,000\n       Federal and contractor personnel, and manages assets valued at $180 billion. With its\n       critical important mission in mind, the Office of Inspector General identified what it\n       considers to be the most significant management challenges facing the Department each\n       year. One of the management challenges identified in the Fiscal Year 2014 report\n       pertained to Operational Efficiency and Cost Savings. We concluded that the current\n       economic climate and associated Federal budgetary concerns dictated that finding ways\n       to improve efficiency and reduce the cost of agency operations was the preeminent\n       management challenge facing the Department. Recent Department budget constraints,\n       along with the implementation of sequestration, have exacerbated our concerns.\n\n   \xe2\x80\xa2   Audit Report on Management of the Department\'s Desktop Computer Software\n       Enterprise License Agreements (DOE/IG-0718, January 2006). The Department had not\n       adequately managed the acquisition and maintenance of desktop computer software\n       licenses. Instances were noted where software was acquired through established\n       agreements or contracts at prices as much as 300 percent higher than those available\n       through Department-level agreements. Furthermore, despite the potential for significant\n       savings, enterprise agreements for common products such as security and antivirus\n       software had not been established. In addition, it was noted that various sites and\n       organizations paid for annual maintenance fees for 14,000 encryption software licenses\n       that were never used. These problems occurred because the Department had not\n       established a complex-wide desktop software acquisition and maintenance strategy.\n       Also, the Department had not developed complex-wide standards for desktop software,\n       implemented a common method for acquiring software, and did not require organizations\n       to actively manage their inventory of existing licenses.\n\nGovernment Accountability Office\n\n   \xe2\x80\xa2   Report on FEDERAL SOFTWARE LICENSES: Better Management Needed to Achieve\n       Significant Savings Government-Wide (GAO-14-413, May 2014). The Office of\n       Management and Budget and the vast majority of agencies reviewed did not have\n       adequate policies for managing software licenses. The Government Accountability\n       Office (GAO) found that of the 24 major Federal agencies, 2 had comprehensive policies;\n       18 had policies that were not comprehensive; and 4 had no policies. GAO found that the\n       Department had established a policy requiring the Office of the Chief Information Officer\n       to address centralized management through consolidation of software acquisition, volume\n       purchasing arrangements and enterprise-wide agreements and to track and maintain its\n       inventory of software licenses. However, the Department did not have a policy\n       addressing analysis of license data to make informed investment decisions; education and\n       training; establishing goals and objectives of the program; and managing licenses\n\n\nRelated Reports                                                                       Page 11\n\x0c                                                                           APPENDIX 2\n      throughout the entire lifecycle. In addition, the GAO found that Department licenses\n      were primarily managed in a decentralized manner and that the Department did not\n      analyze software license data to identify opportunities to reduce costs.\n\n\n\n\nRelated Reports                                                                      Page 12\n\x0c                                            APPENDIX 3\n\n                      MANAGEMENT COMMENTS\n\n\n\n\nManagement Comments                              Page 13\n\x0c                      APPENDIX 3\n\n\n\n\nManagement Comments        Page 14\n\x0c                      APPENDIX 3\n\n\n\n\nManagement Comments        Page 15\n\x0c                                        FEEDBACK\nThe Office of Inspector General has a continuing interest in improving the usefulness of its\nproducts. We aim to make our reports as responsive as possible and ask you to consider sharing\nyour thoughts with us.\n\nPlease send your comments, suggestions and feedback to OIGReports@hq.doe.gov and include\nyour name, contact information and the report number. Comments may also be mailed to:\n\n                              Office of Inspector General (IG-12)\n                                     Department of Energy\n                                    Washington, DC 20585\n\nIf you want to discuss this report or your comments with a member of the Office of Inspector\nGeneral staff, please contact our office at (202) 253-2162.\n\x0c'